1 Introduction

In recent years there has been a lot of interest in the definition of so-called weakly-relational numeric domains, whose complexity and precision are in between the (non-relational) abstract domain of intervals [9] and the (relational) abstract domain of convex polyhedra [10]. The first weakly-relational domain proposed in the literature is based on systems of constraints of the form $x - y \leq c$ and $\pm x \leq c$, typically represented by Difference-Bound Matrices (DBMs). Even though DBMs have a long tradition in Computer Science, their use in the Abstract Interpretation field is quite recent. The idea of defining an abstract domain of DBMs was put forward in [1], where these constraints were called bounded differences. An independent application can be found in [19], where an abstract domain of transitively closed DBMs is defined. In this case, the transitive closure requirement was meant as a simple and well understood way to obtain a canonical form for the domain elements, so as to abstract away from merely syntactic differences. In [19] the specification of all the required abstract semantics operators is provided, including an operator that is meant to match the standard widening operator defined on the domain of convex polyhedra [10]. Unfortunately, as pointed out in [14,15], this operator is not a widening since it does not provide a convergence guarantee for the abstract iteration sequence.

The abstract domain of (not necessarily transitively closed) DBMs is considered in [14]. In this more concrete, syntactic domain the transitive closure operator behaves as a kernel operator (monotonic, idempotent and reductive) mapping each DBM into the smallest DBM (with respect to the component-wise ordering) encoding the same geometric shape. As done in [19], a widening operator is also defined in [14] and it is observed that this widening "has some intriguing interactions" with transitive closure, therefore identifying the divergence issue faced in [19]. This observation has led to the conclusion that "fixpoint computations must be performed" in the lattice of DBMs, without enforcing transitive closure [14].

2 Difference-Bound Shapes

While the analysis of the divergence problem is absolutely correct, the solution identified in [14] is sub-optimal since, as is usually the case, resorting to a syntactic domain (such as the one of DBMs) has a number of negative consequences. To identify a simpler, more natural solution, we first have to acknowledge that an element of this abstract domain should be a geometric shape, rather than (any) one of its matrix representations. To stress this concept, such an element will be called a Difference-Bound Shape (DBS). A DBS corresponds to the equivalence class of all the DBMs representing it. The implementation of the abstract domain can freely choose between these possible representations, switching at will from one to the other, as long as the semantic operators are implemented as expected. The other step towards the solution of the divergence problem is the simple observation that a DBS is a convex polyhedron and the set of all DBSs is closed under the application of the standard widening on polyhedra. Thus, no divergence problem can be incurred when applying the standard widening to an increasing sequence of DBSs.

On the other hand, the domain of DBSs is isomorphic to the domain of transitively closed DBMs considered in [19], which suffers from an actual divergence problem. A closer inspection reveals that these two observations are not in contradiction, because the widening operator defined in [19] is not equivalent to the standard widening for convex polyhedra. In fact, a key requirement in the specification of the standard widening is that the first argument is described by a non-redundant system of constraints.¹ Thus, using transitively closed DBMs does not work because they typically contain redundant constraints. What is needed for a correct implementation of the standard widening is a minimization procedure mapping a DBM representation into (any) one of the maximal elements in the corresponding equivalence class: such a procedure was defined in [13] and called transitive reduction.

In summary, the solution to the divergence problem for DBSs is to apply the standard widening of [10] to a transitively reduced DBM representation of the first argument. It is worth stressing that, from the point of view of the user, this is a transparent implementation detail: on the domain of DBSs, transitive reduction is the identity function, as was the case for transitive closure.

2.1 On the Precision of the Standard Widening

The standard widening on DBSs could result, if used without any precaution, in poorer precision with respect to its counterpart defined on the syntactic domain of DBMs. The specification of [14] prescribes, for maximum precision, two constraints on the abstract iteration sequence: the first one restricts the application of the standard widening to a transitively closed representation for the second argument (note that, in this case, no divergence problem can arise); the second one demands that the first DBM of the iteration sequence $M_0, M_1, \ldots, M_i, \ldots$ is transitively closed. The effects of both improvements can be obtained also with the semantic domain of DBSs. As for the first one, this can be applied as is (since transitive closure is just an implementation detail). The other improvement can be achieved by applying the well-known 'widening up to' technique defined in [11,12] or its variation called 'staged widening with thresholds' [6,7,17]: in practice, it is sufficient to add to the set of 'up to' thresholds all the constraints of $M_0$ that are redundant for the representation of the corresponding DBS (i.e., those constraints that are removed by the transitive reduction algorithm).

¹ This requirement was sometimes neglected in recent papers describing the standard widening; it was recently recalled and exemplified in [2,3].
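The following Python program is an added example, not code from the paper or from any of the cited implementations. It models the objects discussed in Section 2 and Section 2.1 on small DBMs: transitive closure (Floyd-Warshall), a minimization procedure (a naive variant that tests each constraint for redundancy, not the transitive reduction algorithm of [13]), the standard widening of [10], and the 'widening up to' refinement whose thresholds are the constraints removed from $M_0$ by minimization. The iteration sequence produced by `alternate_bump` and the matrices `X0`, `M0`, `N` are constructed for illustration; all function names are the example's own. On the constructed sequence, widening a transitively closed DBM and re-closing the result yields an increasing chain that never stabilises, whereas the standard widening applied to a transitively reduced representation converges; the second example shows the redundant constraint of $M_0$ that the reduced widening would lose being recovered as an 'up to' threshold.

```python
"""Added example: DBM closure, transitive reduction and widening.

Conventions assumed here: index 0 is the constant variable (x_0 = 0), m[i][j]
is the bound c of the constraint x_i - x_j <= c, and INF means 'no constraint'.
"""
from itertools import product
from typing import Callable, List, Optional, Tuple

INF = float("inf")
DBM = List[List[float]]
Constraint = Tuple[int, int, float]  # (i, j, c) stands for x_i - x_j <= c


def fresh_dbm(n_vars: int) -> DBM:
    """A DBM over n_vars variables (plus the constant) with no constraints."""
    n = n_vars + 1
    return [[0 if i == j else INF for j in range(n)] for i in range(n)]

def transitive_closure(m: DBM) -> DBM:
    """Floyd-Warshall closure: x_i - x_k <= a and x_k - x_j <= b give x_i - x_j <= a + b."""
    n = len(m)
    c = [row[:] for row in m]
    for k, i, j in product(range(n), repeat=3):
        if c[i][k] + c[k][j] < c[i][j]:
            c[i][j] = c[i][k] + c[k][j]
    if any(c[i][i] < 0 for i in range(n)):
        raise ValueError("unsatisfiable DBM (negative cycle)")
    return c

def transitive_reduction(m: DBM) -> DBM:
    """Minimisation, as a naive O(n^5) variant (not the algorithm of [13]): drop
    every constraint of the closure that the remaining ones still imply."""
    r = transitive_closure(m)
    for i, j in product(range(len(m)), repeat=2):
        if i != j and r[i][j] < INF:
            saved, r[i][j] = r[i][j], INF
            if transitive_closure(r)[i][j] > saved:  # not implied: keep it
                r[i][j] = saved
    return r

def standard_widening(m: DBM, n: DBM) -> DBM:
    """Standard widening of [10]: keep the constraints of m that n satisfies.
    Its convergence argument assumes a non-redundant (reduced) first argument."""
    idx = range(len(m))
    return [[m[i][j] if n[i][j] <= m[i][j] else INF for j in idx] for i in idx]

def redundant_constraints(m: DBM) -> List[Constraint]:
    """Constraints of closure(m) that transitive reduction removes."""
    c, r = transitive_closure(m), transitive_reduction(m)
    return [(i, j, c[i][j]) for i, j in product(range(len(m)), repeat=2)
            if i != j and c[i][j] < INF and r[i][j] == INF]

def widening_up_to(m: DBM, n: DBM, thresholds: List[Constraint]) -> DBM:
    """'Widening up to' [11,12]: re-add every threshold constraint that n satisfies."""
    w = standard_widening(transitive_reduction(m), n)
    for i, j, c in thresholds:
        if n[i][j] <= c < w[i][j]:
            w[i][j] = c
    return w

def widen_then_close(x: DBM, n: DBM) -> DBM:
    """The operator of [19] on closed DBMs: widen, then close the result again."""
    return transitive_closure(standard_widening(x, n))

def widen_reduced(x: DBM, n: DBM) -> DBM:
    """The solution of Section 2: widen a transitively reduced representation."""
    return standard_widening(transitive_reduction(x), n)

def iterate(x0: DBM, next_iterate: Callable[[DBM, int], DBM],
            step: Callable[[DBM, DBM], DBM], limit: int = 20) -> Optional[int]:
    """Run x_{k+1} = step(x_k, next_iterate(x_k, k)); return the k at which the DBS
    stabilises (equal closures), or None if it does not within `limit` steps."""
    x = transitive_closure(x0)
    for k in range(limit):
        y = transitive_closure(step(x, next_iterate(x, k)))
        if y == x:
            return k
        x = y
    return None

# Constructed sequence: x=1, y=2, z=3 with x - y <= 0, x - z <= 0, z - y <= 1,
# y - z <= 1; each 'loop iteration' loosens x - y and x - z alternately by 1.
X0 = fresh_dbm(3)
X0[1][2], X0[1][3], X0[3][2], X0[2][3] = 0, 0, 1, 1

def alternate_bump(x: DBM, k: int) -> DBM:
    """Next iterate N_k: x with x - y (even k) or x - z (odd k) loosened, closed."""
    n = [row[:] for row in x]
    n[1][2 if k % 2 == 0 else 3] += 1
    return transitive_closure(n)

# Constructed precision example (Section 2.1): closure(M0) carries the redundant
# x - z <= 0, which N satisfies but the widening of the reduced M0 would drop.
M0, N = fresh_dbm(3), fresh_dbm(3)
M0[1][2], M0[2][3] = 0, 0
N[1][2], N[2][3], N[1][3] = 1, 0, 0

if __name__ == "__main__":
    print(iterate(X0, alternate_bump, widen_then_close))  # None: never stabilises
    print(iterate(X0, alternate_bump, widen_reduced))  # 2
    print(widening_up_to(M0, N, redundant_constraints(M0))[1][3])  # 0
```

On the constructed sequence the closed iterates produced by `widen_then_close` are (x - y, x - z) = (0, 0), (1, 0), (1, 2), (3, 2), (3, 4), ...: the bound dropped by the widening is re-derived by closure through the fixed constraints z - y ≤ 1 and y - z ≤ 1, and grows by one at every step. `widen_reduced` reaches a fixpoint after two steps, at the price of losing both bounds on x; in the second example the same kind of loss is avoided by the 'up to' threshold x - z ≤ 0, which the reduction removed from `M0` and which `N` still satisfies.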

Further precision improvements can be obtained by applying any delay strategy and/or the framework defined in [2,3]. In particular, by providing the widening on DBSs with a finite convergence certificate, it is possible to lift it to a corresponding widening on the finite powerset of DBSs [4]. It should be stressed that, in this case, using the syntactic domain of DBMs may have drawbacks: since different DBMs may represent the same DBS, the presence of these "duplicates" in a finite powerset element may have a negative effect on both efficiency and precision (e.g., when considering a cardinality-based widening operator). Also note that, in general, the systematic removal of these duplicates would interfere with widenings, possibly compromising the convergence guarantee.

3 Octagonal Shapes and Beyond

The abstract domain of DBMs has been generalized in [15] so as to allow for the manipulation of constraints of the form $ax + by \leq c$, where $a, b \in \{-1, 0, +1\}$, leading to the definition of the octagon abstract domain (octagons were called simple sections in [5]). Each octagon is represented by using a coherent DBM and the transitive closure algorithm is specialized into a strong closure procedure. All the previous reasoning can be repeated, leading to the definition of the semantic abstract domain of octagonal shapes together with a correct implementation of the standard widening. In this case, the transitive reduction algorithm defined in [13] does not eliminate all redundancies: we will describe a new minimization procedure that takes into account all the constraint inferences performed by the strong closure algorithm.

Other examples of weakly-relational numeric domains include the 'two variables per inequality' abstract domain [20], the octahedron abstract domain [8], and the abstract domain of template constraint matrices [18], as well as the abstract domain of bounded quotients [1] and the zone congruence abstract domain [16]. As long as their implementation is based on (extensions of) the transitive closure algorithm, it is possible to define the corresponding syntactic and semantic versions. The choice between the two versions mainly depends on the availability of a reasonably efficient minimization procedure: in our opinion, all the rest being equal, the semantic versions should be preferred for their greater elegance and the more natural integration with domain constructions such as the finite powerset operator.